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[520.1007] 

METHOD FOR ESTABLISHING A COMMON KEY FOR A GROUP OF AT LEAST 
THREE SUBSCRIBERS 

(2) What is claimed is: 

1 . A method for establishing a common key for a group of at least three subscribers, 
using a publicly known mathematical group G and a publicly known element of the group g e 
G of large order, 
wherein 

a) each subscriber (Ti) generates a message (Ni = g 21 mod p) from the publicly 
known element (g) of the group (G) and a random number (zi) selected or generated by 

' him/her and sends it to all other subscribers (Tj), 

b) each subscriber (Ti) generates a transmission key (k ,J ) from the messages (Nj) 
received from the other subscribers (Tj, j * i) and his/her random number (zi) according to 
the function k 1J : = Nj 21 = (g 23 ) 21 , the key being also known to subscriber (Tj) due to the equation 

k ij = k ji , 

c) each subscriber (Ti) sends his/her random number (zi) to all other subscribers 
(Tj) in encrypted form by generating the message (Mij) according to Mij := E(k 1J , zi), with 
E(k ij , zi) being a symmetrical encryption algorithm in which the data record (zi) is encrypted 
with the common transmission key (k ,J ), and 

d) the common key (k) to be established is determined by each subscriber (Ti) 
from his/her own random number (zi) and the random numbers (zj), j * i, received from the 
other subscribers according to the equation 

k: =f(zl, zn), 

it being required for f to be a symmetrical function which is invariant under the permutation 
of its arguments. 
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2. The method for establishing a common key as recited in Claim 1, 
wherein 

a) all subscribers (Ti) involved in the method send the message (Ni = g^ 1 ) they 
have generated to a subscriber such as the first subscriber (Tl) who has previously been 
determined to carry out the subsequent method step, 

b) the first subscriber (Tl) encrypts the received messages (Nj) of the other 
subscribers (Tj, j * 1) for each subscriber (Tj) individually with his/her random number (zl) 
to form in each case one transmission key (k lj ), the key being also known to the subscriber 
(Tj) due to the equation k lj = k jl , 

c) the first subscriber (Tl) sends his/her random number (zl) to all other 
subscribers (Tj) in encrypted form by generating the message (Mlj) according to Mlj := 
E(k lj , zl), with E(k lj , zl) being a symmetrical encryption algorithm in which the data record 
(zl) is encrypted with the common transmission key (k lj ), and 

d) the common key (k) to be established is determined by each subscriber (Ti) 
from the values (Ni) and (Nj), j * i, and the random number (zl) sent by the first subscriber 
(Tl) in encrypted form with the aid of the equation 

k: = h(zl,g z2 , ...,gT), 

with h (xl, x2, xn) being a function which is symmetrical in the arguments x2, xn. 



10 



